Financial services companies that are based in the European Union or that do business in the EU must be compliant with the Digital Operational Resilience Act (DORA) by January 17, 2025. They must meet all five pillars of DORA compliance: ICT risk management, ICT incident reporting, digital operational resilience testing, third-party risk management, and information sharing.
The average cost of a data breach for financial industry enterprises globally was $6.1 million in 2024, according to the IBM Cost of a Data Breach 2024 report, more than 20% higher than the average across all industries.
The Digital Operational Resilience Act (DORA), Regulation (EU) 2022/2554, is a key piece of European Union legislation focused on strengthening the resilience of the financial sector against digital operational risks, such as cyberattacks and other ICT-related disruptions.
DORA aims to ensure that financial institutions can withstand, respond to, and recover from all types of ICT-related disruptions and threats, including cyberattacks. By addressing digital threats in the financial sector, DORA protects the stability and integrity of the EU financial system.
If you’re wondering why you’re hearing about DORA now, it’s because financial institutions have until January 17, 2025 to comply with DORA’s requirements or face stiff penalties. Many of the required steps include thorough documentation of procedures that will be time-consuming if your organization doesn’t already have them in place, so you should start preparing now.
Companies are subject to fines of up to 2% of their annual turnover as well as administrative repercussions, license revocation, and brand degradation. Member states may also impose criminal penalties on responsible individuals.
For critical third-party ICT service providers found to be in violation of DORA, periodic penalties can be up to 1% of the previous year’s average daily worldwide turnover per day, for up to six months.
Did you hit these critical dates?
There are still critical dates ahead:
Cyber incidents are rapidly becoming a matter of when, not if, for financial institutions. According to the IBM report, 75% of the increase in average breach costs in this year’s study is from lost business and post-breach response activities. Investing in post-breach response preparedness can help dramatically lower breach costs for financial enterprises and their customers.
Here are five steps Financial Services companies that use Java can take to become compliant:
Failure to achieve DORA compliance can have a serious impact on your organization and on the individuals responsible for your Java investments. The consequences of non-compliance include:
DORA is one of several pieces of legislation around the world aimed at strengthening the resilience of companies against cyberattacks, data breaches, and other incidents. Others include Cybersecurity and Infrastructure Security Agency (CISA) directives in the U.S., the UK Financial Conduct Authority (FCA) operational resilience requirements, and the Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Guidelines, among many others.
DORA is targeted at ensuring that financial institutions are better equipped to handle ICT-related risks, to protect the stability and integrity of the EU financial system.
The legislation focuses on ICT assets, which it defines (Article 3(7)) as “a software or hardware asset in the network and information systems used by the financial entity.” Every Java runtime your applications depend on is therefore an ICT asset in scope. Java is the programming language of choice for the financial services industry: according to the 2022 FINOS State of Open Source in Financial Services report, 51% of the code within the financial services data set is written in Java.
All the world’s top 10 trading companies and six of the top 10 U.S. financial firms have switched to Azul. Using a stable, supported Java platform is critical to complying with DORA. With that in mind, we present some guidance to help get you started on your road to DORA compliance.
Azul is the only OpenJDK distribution that provides its customers with quarterly updates focused on security-only fixes. This is an excellent fit for DORA’s requirements: Azul delivers updates and patches addressing vulnerabilities consistently faster than any alternative distribution, and makes them available under a strict SLA, which matters when DORA requires you to show that known vulnerabilities in ICT assets are remediated promptly.
Azul’s OpenJDK also provides monitoring and logging capabilities, in particular through its Intelligence Cloud product, that support DORA’s incident detection, reporting, and response requirements.
With these monitoring tools and detailed logging mechanisms, Java applications on Azul’s platform can provide real-time insights and comprehensive audit trails, including detection of vulnerable components and of unused code, enabling financial entities to detect, report, and respond to incidents promptly.
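A practitioner’s first DORA question about Java is simply: which runtimes are running, from which vendor, at which patch level, and is any of them end-of-life or behind the current quarterly update? The following is an added example for this article, not Azul’s code or an Azul tool. It parses the standard three-line banner that `java -version` prints on stderr (for both the legacy `1.8.0_202` and the modern `17.0.9` version schemes), builds an inventory record per host, and applies a patch-currency policy. The host names, banners, LTS list, version floor, 120-day staleness window, and snapshot date are constructed assumptions for the example; DORA itself sets no Java version floor.

```python
"""Inventory Java runtimes from `java -version` banners and flag stale or
end-of-life builds. Added example for this article, not Azul code; the
sample banners and the policy constants below are constructed assumptions."""
import re
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional

# First line of the `java -version` banner (printed on stderr), e.g.
#   openjdk version "17.0.9" 2023-10-17 LTS   (Java 9+ scheme, with build date)
#   java version "1.8.0_202"                  (legacy 1.x scheme, no build date)
_VERSION_RE = re.compile(
    r'^(?:openjdk|java) version "(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_(\d+))?"'
    r'(?:\s+(\d{4}-\d{2}-\d{2}))?'
)

# Policy assumptions for this example only (not taken from DORA):
LTS_MAJORS = {8, 11, 17, 21}   # feature releases that receive long-term updates
MIN_SUPPORTED_MAJOR = 8        # anything older is treated as end-of-life
MAX_BUILD_AGE_DAYS = 120       # one quarterly update cycle plus some slack
AS_OF = date(2024, 9, 1)       # snapshot date used when assessing the samples


@dataclass
class JavaRuntime:
    vendor: str
    major: int
    update: int
    build_date: Optional[date]
    findings: List[str] = field(default_factory=list)

    @property
    def compliant(self) -> bool:
        return not self.findings


def _vendor_from(runtime_line: str) -> str:
    """Identify the distribution from the second banner line (best effort)."""
    if "Zulu" in runtime_line:
        return "Azul Zulu"
    if "Temurin" in runtime_line:
        return "Eclipse Temurin"
    if "Java(TM)" in runtime_line:
        return "Oracle"
    return "OpenJDK (unidentified vendor)"


def parse_java_version(banner: str) -> JavaRuntime:
    """Turn a `java -version` banner into an inventory record."""
    lines = [l.strip() for l in banner.strip().splitlines()]
    m = _VERSION_RE.match(lines[0])
    if not m:
        raise ValueError(f"unrecognised version line: {lines[0]!r}")
    a, b, c, legacy_update, built = m.groups()
    if int(a) == 1:                       # "1.7.0_80": major is the second field
        major, update = int(b), int(legacy_update or 0)
    else:                                 # "17.0.9": update number is the third field
        major, update = int(a), int(c or 0)
    build_date = date.fromisoformat(built) if built else None
    vendor = _vendor_from(lines[1]) if len(lines) > 1 else "unknown"
    return JavaRuntime(vendor, major, update, build_date)


def assess(rt: JavaRuntime, as_of: date) -> JavaRuntime:
    """Apply the policy; findings are appended to the record in place."""
    if rt.major < MIN_SUPPORTED_MAJOR:
        rt.findings.append(f"Java {rt.major} is end-of-life: needs vendor extended support or migration")
    elif rt.major not in LTS_MAJORS:
        rt.findings.append(f"Java {rt.major} is a non-LTS feature release: updates stop after six months")
    if rt.build_date is None:
        rt.findings.append("no build date in banner: verify patch level against vendor release notes")
    elif (as_of - rt.build_date).days > MAX_BUILD_AGE_DAYS:
        rt.findings.append(f"build dated {rt.build_date} is older than {MAX_BUILD_AGE_DAYS} days: a newer quarterly update likely exists")
    return rt


def inventory(banners: Dict[str, str], as_of: date) -> Dict[str, JavaRuntime]:
    return {host: assess(parse_java_version(text), as_of) for host, text in banners.items()}


# Constructed sample banners modelled on the real formats; host names are invented.
SAMPLE_BANNERS = {
    "trading-gw-01": 'openjdk version "21.0.4" 2024-07-16 LTS\n'
                     'OpenJDK Runtime Environment Zulu21.36+17-CA (build 21.0.4+7-LTS)\n'
                     'OpenJDK 64-Bit Server VM Zulu21.36+17-CA (build 21.0.4+7-LTS, mixed mode, sharing)',
    "settlement-12": 'openjdk version "17.0.9" 2023-10-17 LTS\n'
                     'OpenJDK Runtime Environment Zulu17.46+19-CA (build 17.0.9+9-LTS)\n'
                     'OpenJDK 64-Bit Server VM Zulu17.46+19-CA (build 17.0.9+9-LTS, mixed mode, sharing)',
    "batch-07": 'java version "1.7.0_80"\n'
                'Java(TM) SE Runtime Environment (build 1.7.0_80-b15)\n'
                'Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed mode)',
    "risk-calc-03": 'openjdk version "22.0.1" 2024-04-16\n'
                    'OpenJDK Runtime Environment Temurin-22.0.1+8 (build 22.0.1+8)\n'
                    'OpenJDK 64-Bit Server VM Temurin-22.0.1+8 (build 22.0.1+8, mixed mode, sharing)',
}

if __name__ == "__main__":
    for host, rt in inventory(SAMPLE_BANNERS, AS_OF).items():
        status = "OK" if rt.compliant else "; ".join(rt.findings)
        print(f"{host}: {rt.vendor} Java {rt.major} update {rt.update}: {status}")
```

In practice the banners come from `java -version 2>&1` on each host (or from the `release` file in each JDK directory), and the record is what goes into the ICT asset register that DORA’s risk-management pillar expects you to maintain. Note the caveat the legacy scheme forces: a Java 8 or older banner carries no build date, so patch currency has to be confirmed from the update number against the vendor’s release notes rather than inferred from the banner alone.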
Azul’s high-performance Java platform, Azul Platform Prime, and its flagship Platform Core align with DORA’s emphasis on continuity planning and disaster recovery. Azul’s hardened enterprise OpenJDK distribution is optimized for high performance and stability, helping financial applications remain operational during disruptions.
Azul’s commitment to long-term support and regular updates, including extended support for Java 6 and 7 that Oracle no longer provides, helps mitigate the risks associated with third-party dependencies addressed by DORA’s third-party risk management pillar.
Azul’s OpenJDK is the premier choice for financial institutions seeking compliance with the Digital Operational Resilience Act (DORA) in the EU.
Its comprehensive long-term support (LTS) versions ensure stability and ongoing security updates, crucial for maintaining operational resilience under regulatory scrutiny. Azul’s enhanced security features, comprehensive testing, and compatibility with modern architectures and cloud environments provide the secure and scalable Java platform demanded by DORA.
With a proven track record in performance and reliability, Azul exceeds the stringent requirements of DORA, offering financial institutions a Java solution that can navigate the complexities of digital operational resilience effectively.
For more information, read our DORA FAQs or talk to a Java application and infrastructure expert at Azul.
The post When Should You Prepare Your Java State for DORA Compliance? (Hint: NOW) appeared first on Azul | Better Java Performance, Superior Java Support.
This is a Security Bloggers Network syndicated blog from Security Blog Posts - Azul, authored by Azul. Read the original post at: https://www.azul.com/blog/when-should-you-prepare-your-java-state-for-dora-compliance-hint-now/